security

If you run a WordPress blog, drop everything and go check your blog security! Wait… I mean drop everything except reading this blog. Read, then drop. Right, hope that is sorted out now.

The point is that there is apparently a security hole in WordPress that is A) a serious pain in the ass, and B) nobody is quite sure how it is spreading. We were his with this on the Ignite Phoenix blog, and it took us the better part of a day to get back on our feet.

What It Is

We saw the problem when people visiting any of our pages were redirected to malware installation sites. People using Chrome were getting errors immediately, and it was triggering anti-virus software from AVG to Norton’s. After some research and help from Chuck Reynolds, we determined he had a variant of this Cloaking Hack. Originally just adding keywords to the infected site, the new version we had put the redirect into every page on our site.

We tried to scrub it from our files and database (yes, it messes with your database) but we kept getting re-infected. We finally ended up having to move to a whole new ipage hosting and reinstall everything from the ground up. This was tricky since we could not reliably do an export from the previous site.